Fraud happens quickly and quietly. It could also take anywhere from weeks to months before customers find out someone has been conducting purchases or authorizing dubious financial transactions in their name.

And fraud isn’t just about impersonating someone and fooling others. Its effects are strongly felt by two parties: the businesses and the customers. Businesses incur increased fraud losses and damage their corporate reputation. Customers, as a result of the potential compromise of their personal data, must now prove that the fraud took place without their knowledge.

Identity theft, the most rampant type of fraud, has three most common variants: account origination, account takeover, and synthetic theft^[1] (combining real and fake information to form new customer identities). They make up almost 50% of the fraud losses suffered by Asia-Pacific businesses in 2018^[2]. And with customers predicted to generate more than 79.5 zettabytes of personal data by 2025^[3] through multiple devices, fraudsters will have even more opportunities to profit at everyone’s expense.

These risks mean that fraud is no longer the sole responsibility of the fraud team, but an organization-wide priority which should be championed by all C-suite leaders, i.e., CXOs. CXOs will need to ensure excellent customer experience and strategically target actual fraudsters.

How to achieve that desired balance

As the ownership of security and correspondingly, the impact of fraud, spreads out across different business units, achieving that perfect balance is no easy feat.

Here are the six major considerations for CXOs to mull over.

1. Explore mutually beneficial partnerships

Businesses fighting fraud alone tend to lose. Now more than ever, businesses need to establish partnerships with their industry counterparts to successfully combat fraud at a higher level.

Fraudsters are organization agnostic. They tend to move around and keep looking for weaker targets. As more and more organizations invest in anti-fraud solutions, fraudsters increase their reach as well. Hence, it’s important for organizations to ring-fence themselves from known fraudsters by exploring mutually beneficial partnerships.

One of the arguments given is that credit bureaus should be addressing this problem. But we have seen over the years in many economies that traditional credit bureaus don’t necessarily differentiate between a ‘fraudster’ and a ‘defaulter’. This creates a need for separate industry-wide collaborations to tackle the menace of fraud.

This has been hugely successful in reducing application fraud instances around the world. In markets like the UK and India, industry players have come together to share historical data of known fraudsters along with the other application details. These kinds of data consortiums are managed by neutral service providers to avoid any conflict of interest.

2. Internally align business goals with fraud mitigation

The main problem with working across business units is that everyone has different methods of achieving their goals and don’t always communicate with one other.

When doing fraud mitigation, these units first need to get on the same page^[4]. Proactive and regular communication keeps everyone in the loop and makes it simpler for the entire business to hit its revenue goals while circumventing fraud.

For example, fraud teams should be included in the product, marketing, and sales discussions. They can gain a deeper understanding of ongoing projects and campaigns that could impact their efforts to catch fraudsters.

Here, data-sharing can also achieve similar synergies across different business units. Siloed data, once unified within the business, will enable the creation of more holistic customer profiles and general behaviors. This will allow technology to leverage the data to identify patterns and spot anomalies in transactions and requests.

3. Monitor the entire transaction session

With the advent of technology and its universal accessibility, it can be easily used by fraudsters to penetrate enterprise fraud walls. It has been noticed that most organizations (including some of the large businesses) have increasingly faced advanced fraud attacks like man-in-the-middle, session hijack, etc. in recent times.

It is important to put into place a comprehensive fraud management system to throw fraudsters off throughout the session. Most online services limit their strict controls to the registration and login processes so as not to hamper customer experience. And the fraudsters have caught on: as in SIM Cloning, they will wait for legitimate customer log-ins and verifications instead of facing gatekeepers head-on.

Session usage monitoring isn’t limited to the point of login; it must account for specific customer behavior based on their unique historical session usage. Examples include the devices they use to log on, at what times, in which cities, for what duration, and the frequency and types of transactions. This knowledge enables businesses to spot out-of-the-ordinary behaviors and take appropriate actions.

4. Implement a multi-layered fraud prevention framework

Watching over customer sessions also requires businesses to employ multi-layered and multi-faceted fraud detection systems. As highlighted earlier, the usual confirmation process isn’t as effective anymore; fraudsters can jump on an actual customer log-in at any point in the session.

The priority isn’t the number of fraud protection layers, but its seamless blend with customer experience. Too few layers and customers will deem your platform as insecure and fraud-friendly. Too many layers, and it’ll be deemed disruptive or an overreaction. Worse, customers may stop their transactions midway—and not come back at all.

Aside from deploying endpoint controls, reviewing browsing behavior, and transaction monitoring, the other important security layers^[5] include cross-channel and cross-product transaction monitoring, as well as a holistic analysis of customer activities. These wider views operate on the same principle as sharing data across business units and service providers to devise a complete and detailed customer profile.

Worth noting is that 72% of customers worldwide^[6] are actually willing to provide more personal information if it means easy access to their accounts and greater security.

5. Apply right-sized fraud solutions

Unfortunately, making this “perfect blend” of fraud prevention and customer experience is ongoing work and not always smooth sailing. Customers will definitely hit some roadblocks when they log-on and afterward—no product or service platform is 100% perfect.

However, the questions are when this will happen, and how you address it. Customers expect some tradeoffs between convenience and safety. Slight disruptions are fine, even though 83% of customers express frustration when it happens^[7]. But if you block them during and after log-on—and if they can’t conduct even the simplest transactions on your platform—you’re sending the message that their business is completely unwelcoming.

The fraud solutions you use must be right-sized, and never overkill. The business’s response to fraud attempts must correspond to the actual percentage of confirmed fraudulent transactions. For example, 1% to 2% of your recorded transactions are confirmed as fraudulent. Based on this statistic, the organization’s appetite for fraud attempts can sit in the range of 4-6% based on the assumption that fraudsters would have to make several attempts before succeeding.

And these right-sized solutions kick in during account opening. A 2017 Experian whitepaper found that rightsizing here leads to massive reductions for manual reviews (49%), fraud rates (88%), attack rates (48%), and false-positive ratios (50%). Meanwhile, fraud detection rates go up by as much as 78%.

6.  Adopt the latest technology and fraud detection software.

The rapid speed of fraud calls for an equally, if not more, rapid response by businesses. Manual processes and more traditional tools like anti-malware programs and rules-based measures might not be up to speed here. The only way to keep up is to implement the latest technologies that are both easily deployable and highly adaptable.

For example, machine learning technology identifies fraud patterns that humans would typically miss during manual reviews, and helps businesses evolve and make accurate and data-backed decisions. Open-API solutions like Experian’s CrossCore^TM platform provide access to multiple services through a single API, and allow for customized responses to complex fraud attempts. An open-API model also enables easy and prompt plug-and-play to leverage the latest technologies in fraud detection and management without downtime.

Ultimately, being kept up to speed on fraud detection leads to a refined, disruption-free, and completely secure customer experience.

Fraud is not a siloed business today

Deploying a fraud solution that’s just right for a business involves several in-house units as well as external partners that can bring to the table what your business lacks, like another view of customer behavior.

With these six considerations, today’s CXOs can put into action a proactive response to any outside risks and fraud attempts—and boost consumer trust, which is what keeps the business up and running.

Reference:

1. Not all synthetic ID fraud is the same
2. 2019 Identity and Fraud Report for Asia-Pacific
3. 2020 Global Identity and Fraud Report
4. Aligning your team to fight rising fraud threats
5. Online payment fraud whitepaper
6. 2020 Global Identity and Fraud Report
7. Aligning your team to fight rising fraud threats